Re: [libvirt] [PATCH] qemu: avoid denial of service reading from QEMU monitor (CVE-2018-xxxx)
On 01/17/2018 10:13 AM, Michal Privoznik wrote:
On 01/16/2018 06:01 PM, Daniel P. Berrange wrote:
> We read from QEMU until seeing a \r\n pair to indicate a completed reply
> or event. To avoid memory denial-of-service though, we must have a size
> limit on amount of data we buffer. 10 MB is large enough that it ought
> to cope with normal QEMU replies, and small enough that we're not
> consuming unreasonable mem.
>
>
ACK, although is this really a CVE? Doesn't look that harmful to me. I
mean, owning qemu is not that easy, is it?
We treat qemu as untrusted, in case a guest escapes qemu due to some
other CVE. If a guest really did cause qemu to emit unbounded QMP text,
and it starves libvirtd, then that guest has mounted a denial of service
against anything else libvirtd is starved from doing. So yes, in my
opinion it is a CVE, even if it is an unlikely case because it won't
trigger without a flaw in more than one layer.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 619 bytes)